Every Christopher Soghoian production follows a similar pattern, a series of orchestrated events that lead to the public shaming of a large entityâGoogle, Facebook, the federal governmentâover transgressions that the 30-year-old technologist sees as unacceptable violations of privacy. Sometimes he discovers these security flaws by accident, other times because someone has pissed him off, but mostly because heâs parked at his computer all day looking for security flaws.
When he finds one, Soghoian, a PhD candidate in computer science at Indiana University Bloomington, learns everything he can about it and devises what he sees as a viable solution. Then he alerts the offending party and gives them a chance to fix things, explaining that if they donât, heâll go public with his discovery. (OK, sometimes he skips the give-them-a-chance step.) When the inevitable wave of media coverage starts breaking, Soghoian is often the first expert that reporters turn to for sound bitesâabout stories he has effectively handed them. In the end, the security holes get patched, and Soghoian gets more notoriety and more work. Heâs vertically integrated.